Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/b77e6a-ace3-4ff2-b22a-582f9d2e38b2/1/jVYQvJySqwAOyOejoZLzAfpgsMI.roa
File:                     jVYQvJySqwAOyOejoZLzAfpgsMI.roa (raw, json)
Hash identifier:          NNsZ1ym2lDDRZQIONTaHiLDOAXZMzuKXfMeD66VL1dQ=
Subject key identifier:   8D:56:10:BC:9C:92:AB:00:0E:C8:E7:A3:A1:92:F3:01:FA:60:B0:C2
Certificate issuer:       /CN=252a182d91f456d850210dbf72da7e475fbf3c08
Certificate serial:       01845CABF429A375E2AE6E21FEE018BB81CC
Authority key identifier: 25:2A:18:2D:91:F4:56:D8:50:21:0D:BF:72:DA:7E:47:5F:BF:3C:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JSoYLZH0VthQIQ2_ctp-R1-_PAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/b77e6a-ace3-4ff2-b22a-582f9d2e38b2/1/jVYQvJySqwAOyOejoZLzAfpgsMI.roa
Signing time:             Wed 09 Nov 2022 13:54:43 +0000
ROA not before:           Wed 09 Nov 2022 13:54:43 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     198434
IP address blocks:        185.73.250.0/24 maxlen: 24
                          185.73.248.0/22 maxlen: 24
                          185.73.248.0/24 maxlen: 24
                          185.73.249.0/24 maxlen: 24
                          213.138.217.0/24 maxlen: 24
                          213.138.218.0/24 maxlen: 24
                          213.138.219.0/24 maxlen: 24
                          213.138.216.0/22 maxlen: 24
                          213.138.216.0/24 maxlen: 24
                          37.72.33.0/24 maxlen: 24
                          37.72.34.0/24 maxlen: 24
                          37.72.35.0/24 maxlen: 24
                          37.72.36.0/24 maxlen: 24
                          37.72.37.0/24 maxlen: 24
                          37.72.38.0/24 maxlen: 24
                          37.72.32.0/21 maxlen: 24
                          37.72.32.0/24 maxlen: 24
                          37.72.39.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:84:5c:ab:f4:29:a3:75:e2:ae:6e:21:fe:e0:18:bb:81:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=252a182d91f456d850210dbf72da7e475fbf3c08
        Validity
            Not Before: Nov  9 13:54:43 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=8d5610bc9c92ab000ec8e7a3a192f301fa60b0c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:49:45:d7:b2:d6:be:40:7a:ba:9e:18:38:f3:
                    ed:54:7f:71:68:91:56:3b:9a:03:2e:be:f4:aa:2a:
                    83:08:fc:ad:27:3a:42:0f:7f:29:70:1d:4c:c2:43:
                    c1:d1:b6:3f:b4:c2:16:99:f5:91:cf:21:d7:5b:1e:
                    ef:12:41:95:17:ee:cd:a7:5b:9c:f4:76:86:8c:94:
                    b1:bd:ca:e0:f8:a9:2c:0e:28:4c:c5:d2:cc:d8:48:
                    d1:d4:f9:26:e1:ef:94:8f:dd:6b:38:53:a0:dd:a8:
                    d9:63:46:84:95:66:32:bb:fa:44:d0:65:28:87:01:
                    3d:dc:29:b6:11:3f:dc:46:36:08:ff:fd:c6:a5:8e:
                    39:33:e2:1e:0d:7f:96:49:7d:a5:a7:21:e0:77:c2:
                    72:6a:77:41:a2:35:13:16:d7:1e:60:76:7e:be:8c:
                    c1:77:4e:4e:89:a5:f8:ec:ce:ba:e5:17:8a:78:10:
                    a5:44:d9:b8:1c:e0:d5:55:b6:67:06:00:9c:95:e2:
                    72:0e:33:26:45:a6:d1:29:88:f0:69:de:bf:6e:96:
                    c6:a8:0c:97:b3:c1:31:e2:c4:80:30:b0:0d:38:d2:
                    1a:82:4f:43:0b:8d:41:69:08:1e:aa:60:e6:a2:6e:
                    c2:14:0a:67:e3:a5:49:f2:ff:c9:59:e3:1c:91:f8:
                    d7:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:56:10:BC:9C:92:AB:00:0E:C8:E7:A3:A1:92:F3:01:FA:60:B0:C2
            X509v3 Authority Key Identifier:
                keyid:25:2A:18:2D:91:F4:56:D8:50:21:0D:BF:72:DA:7E:47:5F:BF:3C:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JSoYLZH0VthQIQ2_ctp-R1-_PAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/b77e6a-ace3-4ff2-b22a-582f9d2e38b2/1/jVYQvJySqwAOyOejoZLzAfpgsMI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/b77e6a-ace3-4ff2-b22a-582f9d2e38b2/1/JSoYLZH0VthQIQ2_ctp-R1-_PAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.72.32.0/21
                  185.73.248.0/22
                  213.138.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         99:43:22:82:7b:9b:4e:f7:f6:9c:1a:1b:02:04:c3:e6:e8:64:
         1b:5e:be:22:bd:56:4d:ea:13:90:7e:dc:80:44:db:60:c6:c5:
         c6:4b:cf:a1:18:f6:93:26:0c:a2:92:55:aa:b8:d0:ad:24:94:
         7d:42:1a:30:a8:ac:9e:12:78:6f:a8:7f:0b:06:92:64:7d:f1:
         47:f7:16:f8:91:f2:47:dd:dc:3e:8d:ca:d3:d3:d6:d6:69:85:
         5c:2a:b1:3c:27:72:cc:d5:6e:37:4a:d5:84:43:4e:63:8d:21:
         78:93:fb:fe:90:a8:3c:9c:0c:f4:7f:d8:dd:55:24:ec:60:f9:
         34:ad:99:f4:d7:5f:bb:33:c2:93:25:45:c4:d8:e5:65:43:cb:
         d7:27:6d:57:75:b6:64:cc:0a:52:b6:b9:eb:68:a6:51:1b:fe:
         bd:e9:2a:bf:30:ef:d0:ca:f6:50:62:55:46:7f:07:e0:3b:4a:
         ba:33:cd:4a:fc:5a:36:e6:76:00:0e:10:9f:bf:27:04:13:5b:
         81:55:6c:92:c1:21:8e:71:58:80:6a:2d:fc:ac:ec:e9:c1:93:
         3a:64:13:88:4d:9f:93:45:07:e1:67:ed:94:1c:07:bf:53:a1:
         87:70:1f:16:24:5c:1a:19:86:7e:65:8c:6c:5d:0e:50:97:64:
         43:02:a4:6f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYRcq/Qpo3Xirm4h/uAYu4HMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1MmExODJkOTFmNDU2ZDg1MDIxMGRiZjcyZGE3ZTQ3NWZi
ZjNjMDgwHhcNMjIxMTA5MTM1NDQzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDU2MTBiYzljOTJhYjAwMGVjOGU3YTNhMTkyZjMwMWZhNjBiMGMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi0lF17LWvkB6up4YOPPtVH9xaJFW
O5oDLr70qiqDCPytJzpCD38pcB1MwkPB0bY/tMIWmfWRzyHXWx7vEkGVF+7Np1uc
9HaGjJSxvcrg+KksDihMxdLM2EjR1Pkm4e+Uj91rOFOg3ajZY0aElWYyu/pE0GUo
hwE93Cm2ET/cRjYI//3GpY45M+IeDX+WSX2lpyHgd8JyandBojUTFtceYHZ+vozB
d05OiaX47M665ReKeBClRNm4HODVVbZnBgCcleJyDjMmRabRKYjwad6/bpbGqAyX
s8Ex4sSAMLANONIagk9DC41BaQgeqmDmom7CFApn46VJ8v/JWeMckfjXeQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFI1WELyckqsADsjno6GS8wH6YLDCMB8GA1UdIwQY
MBaAFCUqGC2R9FbYUCENv3LafkdfvzwIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlNvWUxaSDBWdGhRSVEyX2N0cC1SMS1fUEFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi9iNzdlNmEtYWNlMy00ZmYyLWIyMmEt
NTgyZjlkMmUzOGIyLzEvalZZUXZKeVNxd0FPeU9lam9aTHpBZnBnc01JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi9iNzdlNmEtYWNlMy00ZmYyLWIyMmEtNTgyZjlkMmUzOGIy
LzEvSlNvWUxaSDBWdGhRSVEyX2N0cC1SMS1fUEFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDJUggAwQC
uUn4AwQC1YrYMA0GCSqGSIb3DQEBCwUAA4IBAQCZQyKCe5tO9/acGhsCBMPm6GQb
Xr4ivVZN6hOQftyARNtgxsXGS8+hGPaTJgyiklWquNCtJJR9QhowqKyeEnhvqH8L
BpJkffFH9xb4kfJH3dw+jcrT09bWaYVcKrE8J3LM1W43StWEQ05jjSF4k/v+kKg8
nAz0f9jdVSTsYPk0rZn011+7M8KTJUXE2OVlQ8vXJ21XdbZkzApStrnraKZRG/69
6Sq/MO/QyvZQYlVGfwfgO0q6M81K/Fo25nYADhCfvycEE1uBVWySwSGOcViAai38
rOzpwZM6ZBOITZ+TRQfhZ+2UHAe/U6GHcB8WJFwaGYZ+ZYxsXQ5Ql2RDAqRv
-----END CERTIFICATE-----